Security daily (07-08-2020)

Election interference efforts have shifted, NSA and Cyber Command election threats leads say

With Election Day less than 100 days away, the National Security Agency and U.S. Cyber Command are carefully monitoring threats to the 2020 U.S. presidential election from Russia, China, Iran, and groups of criminal actors, two officials said Friday. And while Russian government operatives have probed state IT systems and run hack-and-leak operations to influence U.S. elections in the past, the playbook is not necessarily the same this year, the NSA election threats lead, David Imbordino, and Brig. Gen. William Hartman, the Cyber Command election threats lead, said. While Russia depended on the Internet Research Agency (IRA) to run influence operations in 2016, they have been outsourcing operations to other actors, Imbordino and Hartman said, confirming that the IRA recently set up an offshoot of its troll farm in Ghana and Nigeria. “In terms of 2020 [in the IRA] we’ve seen a shift towards more use of proxies…intermediaries…laundering information through […] (CyberScoop)

Ohio becomes first state to release vulnerability policy for election-related websites

Ohio’s secretary of state has established guidelines for security experts to find and help fix software flaws in the state’s election-related websites, the first such move by a state as the 2020 election approaches. The vulnerability disclosure policy (VDP) covers registration websites for Ohio residents and overseas and military voters, among other sites, and provides legal liability protections for researchers. The program will bolster the efforts of Ohio Secretary of State Frank LaRose’s security team at a time when threats to election infrastructure “have never been greater,” the policy states. Under the policy, researchers are required to wait four months after reporting a vulnerability to Ohio officials before going public with it. “We believe that public disclosure of vulnerabilities is an essential part of the vulnerability disclosure process, and that one of the best ways to make software better is to enable everyone to learn from each other’s mistakes,” the […] (CyberScoop)

Flaws in Qualcomm chips could allow snooping, Check Point finds

Software flaws in millions of smartphones used throughout the world could give hackers a gateway into users’ personal data. More than 400 vulnerabilities in chips used in approximately 40% of the world’s cellphones and devices could allow hackers to spy on users’ GPS location and microphones in real-time, according to new Check Point research. The vulnerable units, Digital Signal Processor (DSP) chips made by Qualcomm Technologies, specifically Qualcomm Snapdragon DSP chips, affect popular cellphones and devices from Samsung, LG, Xiaomi, and Google, according to researchers. DSP chips, made up of software and hardware, are designed to enhance charging, audio features, and multimedia activities. But these flaws are a reminder that as ubiquitous as chips are in popular devices, vulnerabilities abound. The Spectre and Meltdown vulnerabilities, discovered by Google’s Project Zero two years ago, affected nearly every modern computer chip, for instance. In a statement shared with CyberScoop, Qualcomm said it has seen […] (CyberScoop)

Someone hijacked Reddit moderator accounts to promote Trump

Hackers appeared to take over a number of influential Reddit accounts Friday to post messages promoting President Donald Trump’s reelection campaign. Some pages were plastered with “Make America Great Again” or “MAGA” logos, while others included messages about the president. The source of the attacks on the subreddit pages appeared to be moderator accounts, a Reddit spokesperson confirmed. “An investigation is underway related to a series of vandalized communities,” the spokesperson said. “It appears the source of the attacks were compromised moderator accounts. We are working to lock down those accounts and restore impacted communities.” Reddit moderators are often unpaid users who volunteer their time to maintain forums and discussions on the popular site. A Reddit post lists the pages that have been affected, including discussion forums dedicated to outer space, the National Football League and “The Avengers.” It was not immediately clear how the moderator accounts had been compromised or who could […] (CyberScoop)

China doesn’t want Trump re-elected; Russia is denigrating Biden, US intel official says

China prefers that President Donald Trump not win a second term, while Russia is working to denigrate presumptive Democratic nominee Joe Biden, a senior U.S. intelligence official said Friday in an unusually direct statement on election interference. The Chinese government has “expanded its influence efforts” ahead of the U.S. presidential election in November, and grown increasingly critical of the Trump administration’s response to the coronavirus and its closure of the Chinese consulate in Houston, said William Evanina, head of the National Counterintelligence and Security Center. Moscow, meanwhile, has used “a range of measures” to try to sully Biden’s candidacy, Evanina said, in line with Russia’s criticism of Biden when he was vice president. “Some Kremlin-linked actors are also seeking to boost President Trump’s candidacy on social media and Russian television,” Evanina said. The Iranian government, for its part, has looked to undermine U.S. institutions and Trump, and sow divisions among […] (CyberScoop)

Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler

Every Microsoft Windows operating system has a file that manages commands to print documents. It is ubiquitous to the point of going unnoticed. But when researchers from security firm SafeBreach took a closer look at the file, which is called a Print Spooler Service, they noticed that some of the code is two decades old. A denial of service vulnerability the researchers reported earlier this year, which crashes the spooler service, worked not only on Windows 10, the latest operating system, but also on Windows 2000. It’s a glaring example of the old code that is bequeathed to popular software programs we take for granted. But the researchers weren’t done dissecting the spooler service. “We got intrigued, so we continued to dive in,” said Peleg Hadar, senior security researcher at SafeBreach Labs. They found another bug in the spooler service that could allow an attacker to gain system privileges on […] (CyberScoop)

Trump issues executive orders that will ban transactions with TikTok, WeChat parent companies

President Donald Trump issued two executive orders Thursday that will ban making transactions with Chinese tech companies ByteDance and Tencent as of Sept. 20. The two companies own widely popular applications — ByteDance owns video-sharing app TikTok, while Tencent operates messaging service WeChat — that have been characterized as national security threats. Trump has expressed particular concern over TikTok in the last week, telling reporters over the weekend that he was looking to ban the app in the United States. In the executive order, Trump said TikTok allows the Chinese government to capture vast swaths of data from U.S. citizens, censor content it deems politically sensitive, and use it for disinformation campaigns. “The United States must take aggressive action against the owners of TikTok to protect our national security,” the order reads. TikTok is wildly popular, with more than 2 billion downloads worldwide, including 165 million times in the U.S., market intelligence firm […] (CyberScoop)

Business Email Compromise – fighting back with machine learning

Machine learning models are immune to blandishments, threats, flattery and so on - so why not set them against social engineers? (Naked Security)

How to Host a Deep Web IRC Server for More Anonymous Chatting

Internet Relay Chat, or IRC, is one of the most popular chat protocols on the internet. The technology can be connected to the Tor network to create an anonymous and secure chatroom — without the use of public IP addresses.

IRC servers allow one to create and manage rooms, users, and automated functions, among other tools, to administer an instant messaging environment. IRC's roots began in 1988 when Jarkko Oikarinen decided to attempt to implement a new chat protocol for users at the University of Oulu, Finland. Since then, it's been widely adopted and used as a lightweight means of... (Null Byte « WonderHowTo)

Bulgarian Police Arrest Hacker Instakilla

(News ≈ Packet Storm)

Is The US About To Split The Internet?

(News ≈ Packet Storm)

Hackers Dump 20GB Of Intel's Confidential Data Online

(News ≈ Packet Storm)

Hackers Are Defacing Reddit With Pro-Trump Messages

(News ≈ Packet Storm)

PHP Binary Downloader

When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents. In this malware dropper file we recently found on a compromised website, the attacker chose to create a user-defined PHP function getFile to accomplish the same task as file_put_contents. (Sucuri Blog)

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp $80 million over last year's data breach that exposed the personal information of more than 100 million American credit card applicants.

The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that (The Hacker News)

Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly.

"The idea is simple and consists of using characters that look the same in order to dupe users," Malwarebytes (The Hacker News)

How COVID-19 Has Changed Business Cybersecurity Priorities Forever

For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the (The Hacker News)

Qualcomm Bugs Open 40 Percent of Android Handsets to Attack

Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets. (Threatpost)

Attackers Horn in on MFA Bypass Options for Account Takeovers

Legacy applications don't support modern authentication -- and cybercriminals know this. (Threatpost)

Have I Been Pwned Set to Go Open-Source

Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt. (Threatpost)

Hackers Dump 20GB of Intel’s Confidential Data Online

Chipmaker investigates a leak of intellectual property from its partner and customer resource center. (Threatpost)

Augmenting AWS Security Controls

Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches. (Threatpost)

Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem

An inside look at how nation-states use social media to influence, confuse and divide -- and why cybersecurity researchers should be involved. (Threatpost)
